EC2-DFIR

A tool to automate EC2 digital evidence collection from AWS EC2

Requires Python - Run the ec2.py with AWS credentials to make a forensic snapshot of EBS volume and download it to the local system.

The tool was developed in 2018 and it's not continusly updated. AWS makes continues changes to their platform but this should give you a head start. Please review code, test on local setup before using in a production environment.

Use at your own risk.